CFO insight and analysis written and compiled by Deloitte

CONTENT FROM OUR SPONSOR

Please note: The Wall Street Journal News Department was not involved in the creation of the content below.

Taking a Proactive Approach to Today’s Cyberthreats

Organizations across industries need to raise their games to respond to escalating cybersecurity threats. Cybercriminals are often well-resourced and potentially even nation-state sponsored. They can be highly capable, methodical and patient—and their tactics keep shifting. “Smash-and-grab” attacks still occur, with hackers compromising a system to steal credit card data and the like, and then moving on. Now, though, what’s called the “long-term dwell” is becoming more common. Adversaries can gain undetected access and maintain a persistent, long-term presence in critical IT environments.

Recognizing the new reality, leading organizations are changing the lens through which they view cyberrisk. Rather than relying on traditional security controls to reveal telltale signs that an attack has occurred, they are applying intelligence and advanced techniques to identify threats before attacks occur—and proactively responding.

Cyberrisks: Beware a False Sense of Security

Today’s cybercriminals are often motivated to infiltrate corporate IT systems for a simple reason: that’s where the money is. There are sophisticated, lucrative markets for monetizing a wide range of stolen intellectual property. Cybercriminals are often targeting research and development data, marketing and product strategies, intellectual property and other business-sensitive information for financial gain and competitive advantage. Beyond financial motivations, some cybercriminals target government agencies and critical infrastructure industries to compromise national security.

Meanwhile, many organizations may have a false sense of security, perhaps even complacency, because they have already made significant investments in security tools and processes. Yet firewalls, antivirus protections and systems for detecting and preventing intrusions are increasingly less effective as attackers use encryption and other innovative techniques to evade them. Many companies are failing to detect long-dwell cybercrimes in their IT environments and misallocating limited resources to lesser, more generic threats. Basic security blocking and tackling is valuable, but is in no way sufficient. Richard Clarke, former cybersecurity advisor to the White House, believes “every major company in the United States has already been penetrated.”¹

To proactively respond to cyberthreats, leading organizations use advanced forensic and analytic techniques to mine intelligence from both internal and external sources. Their goal is to develop a deeper understanding of the origin of attacks and track specific adversaries to enhance future risk analysis. If a security breach occurs, they move quickly to detect, isolate and contain it.

Although cyberthreats are pervasive and often complex, the building blocks of a proactive approach to addressing them are similar to those for any well-planned business initiative. Organizations need to understand what’s at stake and the maturity level of their current efforts, and then make improvements by applying their existing capabilities whenever possible. The following building blocks can help companies mitigate cyberthreats:

Identify the most valuable targets. Understand the market value of stolen intellectual property in your industry and, specifically, in your company. Tap into external intelligence to understand the broader threat landscape. Then look inward and determine which assets face the highest risk for an attack—either because of high potential for monetization if stolen, or critical business impact if breached.

Assess the current program. Assess your current cyberthreat management program across specific dimensions to identify strengths and gaps. Include intelligence capabilities, emerging threat research and modeling, brand protection and network and malware forensics.

Plan the improvements. Develop a road map for enhancing your target threat defense architecture, prioritized based on perceived risk of high-value business assets. Update your threat assessment process to focus on critical business risks to the organization and then model how those business risks may be affected by specific cyberthreats. Too often, organizations design their defenses to respond to the general security threats, not the threats that could have a material impact on their own business. Because this approach typically doesn’t allow for targeted mitigation, the most important threats to the business often aren’t addressed.

Build a business case for enhancements. Based on the program assessment and updated threat scenarios, articulate the business case for enhancing the cyberthreat management program. This seems like an obvious step, but many information security teams look at their mission as a preordained mandate. Clearly articulating the reasoning, justification and business impact can breathe new life into the security organization and increase the likelihood of funding to expand capabilities.

Get the most from existing capabilities. Seek to fully realize the benefits of the technologies and processes already in place before building or implementing new ones. Organizations will likely find that they can enhance their benefits from existing capabilities and tools. These include endpoint protection, vulnerability assessment and patch management, content monitoring, data loss protection, intrusion prevention and core network services. Determine which elements of the threat defense architecture are in place today or could be developed with adjustments and integration, versus which elements require new technology and processes.

Cybersecurity may be technical in nature, but it is a business issue at its core. Business and technology leaders need to engage in ongoing discussions about what the business values most, how the company drives competitive advantage and which information and other digital assets are the most sensitive. Brand, customer trust and strategic positioning are at risk. There may be no such thing as “hacker-proof,” but there are ways to become less inviting to attack and proactively establish outward- and inward-facing measures to protect your most valued assets.

About Deloitte Insights

Deloitte’s Insights for CFOs provides financial executives a customized resource to help them address the strategic, operational and regulatory issues they face in managing their finance organizations and careers, with top-line digests, research, perspectives and technical analyses.
